A government report that values the economic impact of cybercrime to the UK at £27 billion per year has been dismissed as "nonsense" and "grubby" by a former government advisor.
The study, published by the Cabinet Office yesterday, claims that the annual cost of cybercrime to UK businesses is £21 billion. It values the impact to government at £2.2 billion, and private citizens at £3.1 billion. The investigation was conducted in conjunction with security contractor Detica, and it claims that the £27 billion forecast could in fact be an underestimate.
However, London School of Economics information security professor Peter Sommer says that the research’s methodology is seriously flawed. "Pretending they’ve got reliable figures out of this is nonsense," Sommer told Information Age. "It’s a great pity the government has allied themselves to a grubby piece of puffery."
The report’s methodology says it used a "causal model, relating different cyber crime types to their impact on the UK economy" to reach the £27 billion figure. "We … calculated the magnitude of the costs of cyber crime using three-point estimates (worst-case, most-likely case and best-case scenarios)."
The study breaks cyber crime down into several categories. Intellectual property theft and espionage are valued as the most financially damaging, at £9.2 billion and £7.6 billion respectively. Other categories include extortion, identity theft and online fraud.
According to Sommer, industrial espionage is not technically considered a crime in the UK, and any losses incurred are generally too difficult to quantify.
Sommer believes that there is at least one more glaring oversight in the report. "There is a huge omission in terms of what most people would think of as cybercrime and that is anything to do with sexual offences against children," he said. "I think the public is going to be pretty upset that this survey to which the Cabinet Office has put its name doesn’t even make the slightest mention of that category of crime."
Detica has refused repeated requests from Information Age for further details on how the study was conducted.
Sommer has previously worked as a Specialist Advisor to the House of Commons Select Committee on Trade and Industry and was a member of the Scientific Advisory Panel on Emergency Response run by the Government’s Chief Scientific Advisor.
He says that defence companies such as Detica and its parent BAE are eager to move into cyber security due to a shrinking market for physical defence systems.
"The funds for new military products have more or less dried up. The sorts of wars we’re fighting at the moment are wars of insurgency – they’re not high-tech wars," Sommer claims. "So it’s very difficult for them to go along to governments and say ‘you must have this absolutely wonderful new plane or this new weapon system’. They can’t sell that stuff. At the moment, there’s a fashion for cyber, it’s one of the only areas where there’s a prospect of real new money."
Earlier this year, Sommer co-authored a report which found that, unlike a flu pandemic or economic crisis, a single cyber attack could not trigger "global shock". "It is [not] helpful to group trivially avoidable incidents like routine viruses and frauds with determined attempts to disrupt critical national infrastructure," he said at the time.